Cybersecurity y cyber threat are two sides of the same coin, that of the burgeoning technology security market. A rapidly expanding territory with growth well above 10% per year. With this source of opportunities as a common thread, our friends at Channel Partner have organized the Security Forum 2017, Sure right !.
First, let's synchronize the clocks: What is the current situation in cybersecurity in Spain? We will have answers thanks to Javier Candau, head of the cybersecurity department of the National Cryptological Center (CCN). A preview:
Javier Candau, CCN
Then we were able to enjoy a brilliant discussion table with manufacturers and specialist partners. "Investing in security is investing in productivity"; "Outreach, awareness and education in schools"; "Security is a management problem (not just technology)"; «There are few specialist companies, therefore, cultivate your network of alliances»; «Where to put the security focus?». An interesting, open and productive debate that lasted in a relaxed cocktail among all attendees.
Below we go into more detail in the contents of both sessions, although the graphic summaries published from the channel of BPS - Business Publications Spain.
To start, Javier Candau illustrated us with a little history. It is good to know how we got here.
Year 2006: Before the need to increase prevention, detection, analysis, response and coordination capacities in the face of cyber threats suffered by Public Administrations and classified systems, a center was established to consolidate the Incident Response Capacity of the National Cryptological Center: the CCN-CERT is born.
Since then, the publication of the National Security Scheme (ENS) in 2010 and its revision in 2015, together with the various Early Warning Systems (EWS) put in place allow us to have a clear photo of situation in Public Administrations, classified systems and strategic companies:
- In 2016 we had 15% more security incidents than in 2015, that is, 20.940 incidents.
- Of these 20,940 cases from 2016, 620 are Very High or Critical Hazard incidents (along with 13.201 of High Danger).
- In the case of Ransomware, we have gone from 427 cases in 2015 to 2.030 Ransomware incidents in 2016. The CCN-CERT details it in its Security Measures Against Ransomware Report.
In short, threats are constantly increasing and evolving,
as in the case of "Malware as a Service".
La cooperation and information exchange are
our best option for a good cybersecurity strategy.
Finally, Javier reminds us that we always have available the cybersecurity alert level published from the CERT of the National Cryptological Center and that October is the European Cybersecurity Month:
Then we were able to enjoy a productive round table that left us these messages about opportunities in the market cybersecurity:
Would we use grocery bags as an airbag?
No simple solutionss to complex problems.
In his speech INGECOM highlighted that the central message of the RSA world conference of this year was that cyber-crime are organized groups that, in addition, come together as a convenience to carry out targeted attacks. In particular, they warn that a wave of threats is coming from the IoT part, connected cars and others.
By GTI It is abundant that SMEs demand security, but only the minimum: They remember it when they infect it and it lasts for 15 days. However, the attack surface is constantly increasing, which is why they consider that specialization in security will be increasingly necessary.
Specializing in security requires investment in time and knowledge.
Recommendation: Combine manufacturer capabilities.
They also highlight that with the new Data Protection Regulation (for May 2018) SMEs must report when they are attacked. They think this change in the law offers two business opportunities: those based on the minimum for compliance with the law and those based on the protection of information.
It is necessary to work on weaving a network of alliances, insists HP. Cybersecurity itself has different branches (Big Data, IoT, data mining, social networks, etc.) with specific nuances, such as, for example, in the part of Big Data that requires security services beyond the concepts of perimeter security.
It insists that we need the collaboration of all of us for the dissemination work. Along these lines, the miniseries produced by HP on basic practices to protect our assets stands out.
Via Melchor Sanz, Technology & Solutions Presales Manager at HP
So where to put the security focus?
It is necessary to focus on all the layers and, surely, pulling from various manufacturers #WIN
Manufacturers are not interested in having their product talked to everyone #FAIL
The right measure by users is to force the products to talk to each other #WIN
To raise awareness, in addition to training, education #WIN
For example, going to schools to teach groups from the age of six #WIN
Thanks to the courtesy of Channel Partner, we have the following video summaries available:
Brief summary of the event # ForoSeguridad17
Melchor Sanz, Technology & Solutions Presales Manager at HP
Carlos Tortosa, Head of Large Accounts at ESSET Spain
Javier Arnaiz, Head of Business Business at G DATA